Overview of MSIX App Attach

Overview of MSIX App Attach

To begin using AppAttach in Nerdio Manager you need to create a VHD(X) package containing the MSIX application. The process for creating such packages is documented here.

Get Started

You need the following items to get started:

  • VHD(X) file containing the MSIX application: This is a file that you create (or obtain from app publisher) that is ready to be used for App Attach.

  • Certificate (optional): Each VHD(X) package is signed with a digital cert. If you used a self-signed cert that was used to sign the VHD(X) package, you need to be sure that this cert is installed on the session host VMs. Have the .cer file handy.

Sample VHD(X) Packages and Certificate

To help you get you started, we created a few VHD(X) packages for some popular applications that you can download and start using in your AVD environment for testing purposes.

Google Chrome

Mozilla Firefox

Notepad++

PuTTY

VLC

Certificate

  • The certificate can be downloaded here.

  • The certificate is the same for all the packages.

MSIX App Attach Prerequisites

To get started with publishing MSIX App Attach applications to your users' AVD sessions with Nerdio Manager you need the following items:

  • VHD(X) package with associated information listed above. Feel free to use our sample packages to get started.

  • Azure Files share that is integrated with Active Directory and has the proper security configuration. More on this below.

  • AVD host pool with session hosts running Windows 10 2004 or newer. MSIX AppAttach is not available in prior versions of Windows 10.

  • Nerdio Manager version 2.0 or later.

    Note: App attach does not work on Windows 10 1909.

Configure Azure Files Permissions for MSIX App Attach

Nerdio Manager leverages Azure Files share technology to store MSIX App Attach packages and associated metadata. You can use an existing Azure Files share or create a new one with Nerdio Manager.

Note: The Azure Files share must be AD-integrated to be used as an App Attach storage location in Nerdio Manager.

Once you've created an Azure Files share and joined it to your AD domain, you must configure security settings on the share to allow session hosts and users to read the contents of the App Attach packages. With Azure Files, the security settings are configured in the following places:

Azure Files Access

NTFS Permissions

In these places, both the session host VM computer and user who uses the application must have at least Reader access. By default, the NTFS permissions on newly created Azure Files shares already have the necessary configuration. However, Azure Files share Access Control still needs to be configured.

To grant session host VMs access to Azure Files shares:

  1. In Active Directory, create a new Global Security group in an OU that is being synched to Entra ID with Entra Connect.

  2. Add Domain Computers and Domain Users to the new group.

  3. In Azure portal, find your Azure Files share and navigate to Access Control.

  4. Add the new security group with Storage File Data SMB Share Reader role.

    Note: You may need to wait for the next sync cycle for new groups to be available in Entra ID.

    Note: The end result is read-only access to the Azure Files share by all domain users and computers. Feel free to customize the above procedure to suite your organization's security policies.

Upload an MSIX App Attach Image File

Nerdio Manager allows you to upload new versions of packages and automatically apply them to existing host pools. In addition, Nerdio Manager can create an image from an existing MSIX package, or you can upload an image file.

To upload an image:

  1. At the Account level, navigate to ApplicationsMSIX app attach images.

  2. Select Upload image.

  3. Enter the following information:

    • Friendly Name: Type the name that you want to appear on the images list.

    • Description: Type a description.

    • Storage Location: From the drop-down list, select the linked app storage location in the AD-integrated Azure Files share.

      Note: MSIX App Attach does not support Entra Domain Services or Entra ID. This needs to be Active Directory Domain Services (ADDS).

    • Version: Type the version number of the image that you are uploading. This must be unique.

    • Image File(s): Select the VHD(X)/CIM file(s) that contains the App Attach application expanded from the MSIX installer.

    • Certificate (.cer) File: Select the certificate file.

      Note: A certificate that was used to create the MSIX package must be installed on all session hosts VMs. If you used a self-signed certificate to create the MSIX package, upload it here and it is automatically installed for you. Alternatively, you can install the certificate on the desktop image and re-image the session host VMs

  4. Once you have entered all the desired information, select Upload.

    The image is uploaded to Nerdio Manager.

Upload an MSIX Package File

If you do not already have a VHD/VHDX./CIM that contains the image, Nerdio Manager allows you to upload the MSIX file and Nerdio Manager automatically creates a VHD file for you.

To upload an MSIX package file:

  1. At the Account level, navigate to ApplicationsMSIX app attach images.

  2. Select Upload MSIX app(s).

  3. Enter the following information:

    • Image Name: Type the image name.
    • Storage Location: From the drop-down list, select the linked app storage location in the AD-integrated Azure Files share.

    • MSIX File(s): Select the MSIX file(s).

    • Certificate (.cer) File(s): Optionally, select the certificate file(s).

      Note: To expand the MSIX app into a VHDX container, a temporary VM is created to perform the operation and then deleted. It is recommended that you simply let Nerdio Manager handle the temporary VM's configuration. Otherwise, select Show advanced settings to specify the temporary VM's details.

  4. Once you have entered all the desired information, select OK.

    The MSIX file is uploaded, and Nerdio Manager begins the process of creating a VM to package the file into a VHDX image.

Upload a new MSIX App Attach Image File

Nerdio Manager allows you to upload new versions of packages and automatically apply them to existing host pools.

To upload a new image:

  1. At the Account level, navigate to ApplicationsMSIX app attach images.

  2. Locate the app attach image you wish to work with.

  3. From the action menu, select Upload new image version.

  4. Enter the following information:

    • Version: Type the version number of the image that you are uploading. This must be unique.

    • Image File(s): Select the VHD(X)/CIM file(s) that contains the App Attach application expanded from the MSIX installer.

    • Certificate (.cer) File: Select the certificate file.

  5. Once you have entered all the desired information, select Upload.

    The new image is uploaded to Nerdio Manager.

Assign an App to a Host Pool

Once you have uploaded an MSIX app attach image, you can assign the app to a host pool.

To assign an app to a host pool:

  1. At the Account level, navigate to AVD > Host Pools.

  2. Locate the host pool you wish to assign the app to.

  3. From the action menu, select Manage MSIX App Attach.

  4. When the Manage MSIX App Attach window displays, select Add.

  5. Enter the following information:

    • Image Source: From the drop-down list, select the location of the image that contains MSIX packages. The image can be stored in Nerdio Manager's image library or on any SMB file share that session host VMs have access to. If you have uploaded or created MSIX images using Nerdio Manager, select Image Library.

    • MSIX App Attach Image: From the drop-down list, select an MSIX App Attach image containing the MSIX packages.

    • Image Version: From the drop-down list, select the image's version to be added to the host pool.

    • Packages: From the drop-down list, select one or more MSIX packages/apps present in the image to make available to users on this host pool.

      Notes:

      • Ensure that the host pool has at least one running session host VM.

      • Each VM in the host pool must have certificates that were used to sign MSIX installed. Select Install certificates to install them if they aren't already.

  6. Once you have entered all the desired information, select OK.

    The MSIX app is added to the host pool.

Install App Certificates to a Host Pool

Once you have uploaded an MSIX app attach image, you can install app certificates host pool.

To install an app certificate to a host pool:

  1. At the Account level, navigate to AVD > Host Pools.

  2. Locate the host pool you wish to work with.

  3. From the action menu, select Manage MSIX App Attach.

  4. When the Manage MSIX App Attach window displays, select Install certificates.

  5. Select the desired .cer file.

  6. Once you have selected the .cer file, select OK.

    The app certificate is added to the host pool.

Link MSIX App Attach Storage Locations

Nerdio Manager allows you to link one or more Azure Files shares to be used for storing MSIX App Attach packages.

To link Azure Files shares for storing MSIX App Attach packages:

  1. At the Account level, navigate to Settings > Integrations.

  2. In the MSIX App Attach Storage Locationstile, a list of existing MSIX App Attach Storage locations is displayed.

  3. Select Link.

  4. Enter the following information:

    • Name: Type the AppAttach storage location name.

    • Azure Files Share: From the drop-down list, select the Azure Files share.

      Notes:

      • The Azure Files share must be AD-integrated to be used for AppAttach storage.

      • To use an Azure Files share as a storage location for AppAttach packages, security permissions must be properly configured to allow session host VMs to mount the share. Be sure that Azure Access Control and NTFS permissions on the Azure Files share are set to allow at least READ permissions for session hosts and users of the applications.

      • The Azure file shares are grouped by subscription under the Azure file shares selector. So you need to first select the correct Azure subscription and then the associated files share.

  5. Once you have entered all the desired information, select OK .

    Notes:

    • Select unlink to unlink the Azure Files share location.

    • Select the copy icon to copy the path of the storage location to the clipboard.

    • Select the close file handles icon to close the file handles. See this Microsoft article for additional information.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Please sign in to leave a comment.